I am evaluating this library and need to know if it is possible to create an SSH tunnel through multiple hops. I need to do local port forwarding from my desktop to server 1, then continue the same tunnel connection and log into server 2.

I can get the 2nd connection with other SSL libraries, but I can never continue the port forwarding, as the 2nd tunnel is never related to my local connection, so there is no control over it.

I have looked at the multiple forwarding threads, but I also need a connection to the 2nd server. I have tried the following example, but I need to log into the 2nd server and run commands there.

Ultimately, my goal is to be able to launch a web interface to a device connected to the second server. I can do this in Putty by first connecting to Server 1, and local port forwarding. Then I run an ssh command into the second server and launch a web interface.

As SSH itself does not provide for multi-hop forwarding support, you will have to design the scheme yourself, which is likely to be fairly similar (architecture-wise) to what you are doing with Putty. As each hop of the forwarding requires a separate SSH connection, you will always need two SSH connections: (1) from your desktop to Server1, and (2) from Server1 to Server2. The second connection can only be opened by an SSH client running on Server1. You can't open it from a client running elsewhere.

You might consider opening a helper shell channel to launch second hop SSH forwarding on Server1 upon establishing SBB-driven forwarding on your desktop. Note that you will be restricted to SSH software available on Server1, that is to OpenSSH if it's a Linux box (or, alternatively, you may consider using SecureBlackbox to implement your own Linux-based forwarding application, which might simplify co-operation between your desktop and server endpoints).

You can do this with SecureBlackbox by opening a shell channel from your desktop computer to Server1 and setting up your second OpenSSH-driven tunnel through that channel with the following command:

ssh -L 9997:192.168.1.10:443 Server2IPAddress

As TElSSHLocalPortForwarding does not currently support sending shell commands over the same SSH connection which is used for data forwarding, you will need to establish a second SSH connection from your desktop application to Server1, and then use it to set up the second tunnel. This can be achieved with the TElSimpleSSHClient component.

To summarize, what you need to do is:

1. Set up forwarding from your desktop application to Server1. This is done with the TElSSHLocalPortForwarding component.

2. Set up forwarding from Server1 to Server2. This is done by your desktop application by establishing another (second) SSH connection to Server1 and using it to launch an OpenSSH-driven tunnel to Server2 exactly as you did with Putty.
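
The two-step setup summarized above, as an added example that is not part of the original thread and is not SecureBlackbox code: a shell script that prints the equivalent OpenSSH command for each hop, with both listeners bound to loopback so the relay port on Server1 is not reachable from other hosts. USER1, SERVER1 and local port 8443 are assumed placeholders, and non-interactive (key-based) login from Server1 to Server2 is assumed.

```shell
#!/bin/sh
# Added example: prints the two OpenSSH commands for the chained forward.
# USER1, SERVER1 and LOCAL_PORT are assumed placeholders; 9997,
# 192.168.1.10:443 and Server2IPAddress come from the thread.

valid_port() {
    # Accept only an integer in 1..65535.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Hop 2 runs ON Server1: listen on Server1's loopback only and relay
# through Server2 to the device. -N makes it tunnel-only; drop -N to also
# get a shell on Server2, as the command in the thread does.
hop2_cmd() {  # args: relay_port device_host device_port server2
    valid_port "$1" && valid_port "$3" || return 1
    echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:$1:$2:$3 $4"
}

# Hop 1 runs on the desktop: listen on the desktop's loopback and deliver
# to the relay port on Server1 (this 127.0.0.1 is resolved by Server1).
hop1_cmd() {  # args: local_port relay_port user@server1
    valid_port "$1" && valid_port "$2" || return 1
    echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:$1:127.0.0.1:$2 $3"
}

# Second desktop-to-Server1 connection that launches hop 2 remotely.
launch_hop2_cmd() {  # args: user@server1, then hop2_cmd's four args
    dest=$1; shift
    inner=$(hop2_cmd "$@") || return 1
    echo "ssh -T $dest '$inner'"
}

# The relay port must be the same number in both hops, otherwise the
# second tunnel is not connected to the local listener.
plan() {
    LOCAL_PORT=8443; RELAY_PORT=9997
    launch_hop2_cmd USER1@SERVER1 "$RELAY_PORT" 192.168.1.10 443 Server2IPAddress
    hop1_cmd "$LOCAL_PORT" "$RELAY_PORT" USER1@SERVER1
}
plan
```

With both commands running, the device's web interface is reached from the desktop at https://127.0.0.1:8443/.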
